The Tick42 Permissioning server provides a simple interface which both data providers and data consumers can use to establish a user's entitlement to data.
The Tick42 User Permissioning service provides a comprehensive solution to the issues associated with managing, controlling and auditing user access to applications and to market data. It allows you to satisfy the requirements imposed both by feed vendors, such as Bloomberg, and the various data-originating exchanges.
Why would you want it?
Easy to use
As well as providing simple queries - “Is user X entitled to view security Y?” and “Is user X entitled to run application A?” - it shows an audit trail of who has accessed what, with a range of reports which can be customised to satisfy the reporting requirements of any data vendor.
Meanwhile, tracking usage aids cost management by identifying which data sources are actually used. The product has evolved successfully from our implementations of Bloomberg Server API security for several Tick42 clients.
- Uses industry standard SQL database
- Provides support for both content based and subject based entitlement checks
- Supports merged entitlements for derived data
- Web Service interface allows easy access from any system component.
- Comprehensive auditing logs when users are added, entitlements changed etc
- Database tracks which securities and entitlements are actually being used to allow cost management
- “open” database schema allows customisation to an organisations specific reporting requirements.
- Also supports Bloomberg terminal login validation.
- User management console provides convenient administrative access
- Discover user capabilities at logon
How it works
The Tick42 User Permissioning Service runs as a standalone component along with its database. It provides a web service interface which is used both to query and to administer the database.
Data source specifics are provided by one or more provider services that run independently. An example? The Bloomberg Provider which uses the Bloomberg server API to obtain user and security entitlement data and user logon status. A defined provider interface allows a provider for any source of Permissioning data to be incorporated into the system
Typically a feed handler will perform access control on behalf of the user apps connected to it using some variant of a subject-based permissioning model. For example, “Is this user allowed to request this security?” The Tick42 Market Data Platform encodes entitlement information on any data that is published on it, allowing a content-based permissioning model to be implemented by a client so it’s easy to write applications which do their own entitlement-checking directly.
Equally, applications not using market data at all can simply make requests on the service to ask “Is this user entitled to run this application?”
The interface is implemented as a web service and so is accessible from a wide range of runtime environments.
Permissions and the Tick42 Architecture